Acceptable Use of Information Technology Resources

POLICIES

In keeping with the spirit of free intellectual inquiry that is fundamental to our mission, the principles of academic freedom and individual privacy will be respected by the University as outlined in this policy. In turn, all users of the University's information technology resources are expected to demonstrate the highest respect for the rights of others in their use of these resources. Access to the University's information technology (IT) resources is a privilege. This privilege may be limited or revoked if an individual violates University policies or state or federal laws.

This policy applies to all information technology resources provided by the University and to all users of these resources. All members of the University community are given notice of this policy by virtue of its publication, and are subject to it on the same basis. Ignorance of this policy does not relieve any user of his or her responsibilities under the policy. All users are expected to familiarize themselves with the contents of this policy and act in conformance with the following principles regarding any use of the University's IT resources.

Due to the rapid nature of change in both information technologies and their applications, the University may amend this policy whenever deemed necessary or appropriate. Users are encouraged to periodically review this policy in order to understand their rights and responsibilities under this policy.

A destructive program that masquerades as a benign application; one of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

A software program that automatically discovers and/or shares files with peers on a network. Although there are legitimate peer-to-peer file sharing programs, some of these programs are used for unlawful activities, such as sharing music and videos that are protected by copyright.

User access to information technology resources is granted to an individual by the University solely for the grantee's own use. User access privileges must not be transferred or shared, except as expressly authorized by an appropriate University official.

This principle is intended to help protect the integrity, security, and privacy of user accounts. Sharing access with another individual undermines the security of an account, leaving it vulnerable to abuse by others. Sharing or transferring access may also jeopardize the security of the University's entire information technology system. Keeping passwords secure and attending to an account while logged on are fundamental to the security of an account.

Not sharing access privileges also helps protect against unauthorized activities on an account for which an individual could be held personally responsible. For example, if someone else uses an account with the account holder's permission and violates University policy, including theCode of Student Rights and Responsibilities, the account holder can be charged with the violation and made subject to the same student or employment disciplinary action as the actual user.

Students should not share account information and/or passwords with any other users. University employees should not share passwords with any other employee unless expressly authorized to do so by the appropriate University authority with responsibility for the account.

For information and assistance about obtaining and/or maintaining a University IT account, contact the University's IT HelpDesk at 901-678-8888.

The privacy of all users and the integrity and operational security of the University's information technology system must be respected by all. University IT resources must not be used to attempt unauthorized access to private information maintained by users or by the University itself.

This principle is intended to apply to all aspects of the University's information technology system, and to all users, whether students, employees, or guest users. The University's IT resources must not be used to gain unauthorized access to private information, even if that information is not securely protected or is otherwise available. The fact that an individual account and its data may be unprotected does not confer either an ethical or legal right to access it.

The University will not routinely monitor the content of private electronic communications or other private electronic activity and will make every reasonable effort to protect them from unauthorized access or inspection. However, investigations of misuse, unauthorized use or illegal activity, as well as routine or emergency maintenance of the University's IT system, may sometimes require observation of private information by appropriate and authorized university officials, employees, or their authorized agents. Such activities are not in violation of this principle so long as these activities are conducted by authorized individuals on behalf of the University.

Unauthorized access to private information constitutes a violation of this policy, and may result in serious disciplinary charges under the Code of Student Rights and Responsibilities, up to and including expulsion, and/or employment discipline, up to and including termination. Violation of this principle may also constitute a violation of state or federal law.

Information technology resources are shared resources that must be available to all users in an equitable manner. Users must not engage in any behavior or activity that unreasonably interferes with the access privileges of other users or with the University's ability to provide access to these resources for its entire community of users.

Information technology resources are finite and must be shared. The University's commitment to the principle of fair and equitable access for all users requires that users refrain from activities that compromise its overall ability to deliver IT services or that interfere with its ability to make IT resources available for all qualified users. This principle involves every aspect of the University's IT services and infrastructure, ranging from such diverse activities as unauthorized network connections through disruptive behavior in University computer labs that interferes with the rights of other lab users. The University reserves the right to take all appropriate and reasonable measures, including the use of available technological measures (e.g., limiting the amount of available bandwidth) in order to insure equitable access to IT resources for the benefit of all users.

Users must not use University information technology resources in the commission of any illegal or otherwise unauthorized act. Violation of state or federal laws, including anti-hacking provisions, copyright, and trademark laws, is inconsistent with ethical and responsible use of University IT resources and is strictly prohibited.

Users agree to strict adherence to this principle through their use of University IT resources. In addition to possible civil and criminal penalties, illegal use can result in serous sanctions under the University Policy UM 1483, Use of Copyrighted Materials, and the Code of Student Rights and Responsibilities. Sanctions can include severe employment discipline, up to and including termination. The University will cooperate fully with law enforcement officials regarding criminal investigations of any use of its IT resources in violation of this principle.

Users should observe the same standards of ethical conduct and courteous behavior that govern non-electronic vocal and written communications and other personal interactions whenever they use the University's IT resources.

Ethical and courteous use of information technology resources is the responsibility of every user. This principle is fundamental to the spirit of community and standards of civility that should govern interactions among all members of the University community.

While this principle applies to all users under any circumstances, it is particularly important that students using University owned computers in labs or other University controlled areas conform to this policy and all other applicable University policies or regulations, including the Code of Student Rights and Responsibilitiesand the TigerLAN Lab Guidelines.

Employees of the university also have a special ethical duty to use their broad access to the University's information technology resources in conformance with this and all other principles of this policy. Use of information technology resources by University employees that is unrelated to their official position should be reasonable and limited in both time and resources and must not interfere with University functions or the employee's performance of employment responsibilities.

In some instances, failure to act in conformance with this principle may violate state or federal law, and also may violate other principles of this policy or other University policies themselves, including the Code of Student Rights and Responsibilities. Violations of this principle may result in limiting or even denial of access to these resources, as well as student and/or employment disciplinary action.

Users must not use University information technology resources for any unauthorized commercial purposes. Use of any University information technology resources for personal gain or profit is prohibited.

The University's IT resources are provided in support of the University's educational, research and service missions; therefore, uses that are consistent with this purpose must always receive the highest priority. Other uses, such as those that indirectly support this mission, including reasonable and limited personal use, while permissible, must necessarily receive a lower priority. Unauthorized commercial use of university resources is inappropriate and inconsistent with the University's mission.

Users may not install or use any unauthorized Peer-to-Peer File Sharing device to share or distribute

copyrighted material without authorization from the copyright owner.

privileged, private, or strategic information determined by cognizant administrators as vital to the operation of the University.

any viruses, spyware, copyrighted software, or license keys.

software that threatens or disrupts any University of Memphis computing services.

Peer-to-peer file sharing programs may pose opportunities for significant loss to owners of copyrighted material and significant liability to the University. Allowing non-authorized access to computers on the University network may provide access to privileged information. Peer to peer programs degrade the speed of the network, and they may contain spy-ware, viruses, or exploits that may allow unauthorized access to the machine hosting the program. These programs also contribute to network slowdowns and may provide backdoors to hackers with additional resources to launch attacks.

Violation of this policy will result in action by the appropriate University office or agency. Students who violate this policy may be referred to the University's Office of Judicial and Ethical Programs for disciplinary action under the Code of Student Rights and Responsibilities. Employees who violate this policy may be subject to disciplinary measures imposed by their appropriate supervisor in consultation with the University's Office of Employee Relations and its Office of Legal Counsel. Violations of state or federal laws regarding unlawful access or use may be referred to the appropriate law enforcement officials for investigation and/or prosecution.

University sanctions will be imposed by the appropriate University authority upon findings made in conformance with the due process procedures outlined in applicable University policies. Sanctions may include, but are not limited to, limitation or revocation of access rights and/or other sanctions up to and including suspension or expulsion for students, and termination for employees. Sanctions may also include restitution to the University for charges incurred in detecting and substantiating violations of these rules, as well as any costs incurred as a result of the violation itself. Users should be aware such charges could be substantial.

When the Chief Information Officer, a designee, or the appropriate system administrator has reason to believe that a violation involving a security threat to the system or other users and/or illegal activity may have occurred, he or she may immediately suspend information technology privileges for the involved user(s).

If a user account is summarily suspended, the user will be immediately notified. Users may check the status of reinstatement of access privileges by contacting the University's IT Helpdesk at (901) 678-8888. If, upon further investigation by the appropriate University officials, the violation appears to have been willful and deliberate, the appropriate University official may refer the violation and the violator's identity to the appropriate University authority for disciplinary action.

Examples of activities that may violate this principle, include, but are not limited to the following:

Intentional disruption of the IT system, including without limitation, installing, propagating, or otherwise running any malicious program that attempts to violate the operational integrity of the system (e.g. "worms" and "viruses")

Failure to comply with requests from appropriate University employees to discontinue activities that threaten the operational integrity of any component of the IT system

Unauthorized connections to the system, its networks, as well as unauthorized extensions or re-transmissions of any system services.

Continuing to download or upload large files during periods of peak usage after having received a request from the appropriate University IT official to defer such use until a later time